Diffstat (limited to 'epan/dissectors/packet-windows-common.c')
-rw-r--r--epan/dissectors/packet-windows-common.c694
1 files changed, 342 insertions, 352 deletions
diff --git a/epan/dissectors/packet-windows-common.c b/epan/dissectors/packet-windows-common.c
index b591d8d8..ffef2500 100644
--- a/epan/dissectors/packet-windows-common.c
+++ b/epan/dissectors/packet-windows-common.c
@@ -20,13 +20,13 @@
/* The types used in [MS-DTYP] v20180912 should be interpreted as
* follows (all multi-byte integer types are little endian):
- * typedef guint8 MS_BYTE;
- * typedef guint16 MS_WORD;
- * typedef guint32 MS_DWORD;
- * typedef guint64 MS_QWORD;
- * typedef guint64 MS_ULONG64;
- * typedef guint64 MS_DWORD64;
- * typedef gint64 MS_LONG64;
+ * typedef uint8_t MS_BYTE;
+ * typedef uint16_t MS_WORD;
+ * typedef uint32_t MS_DWORD;
+ * typedef uint64_t MS_QWORD;
+ * typedef uint64_t MS_ULONG64;
+ * typedef uint64_t MS_DWORD64;
+ * typedef int64_t MS_LONG64;
*/
enum cond_ace_token {
@@ -43,15 +43,15 @@ static const value_string ace_cond_token_vals[] = {
{ 0, NULL }
};
-static gboolean
-ace_cond_token_has_data(guint8 token) {
+static bool
+ace_cond_token_has_data(uint8_t token) {
switch (token) {
#define DEF_COND_ACE_TOKEN(VAL, VAR, STR)
#define DEF_COND_ACE_TOKEN_WITH_DATA(VAL, VAR, STR) case VAL:
#include "cond_ace_token_enum.h"
- return TRUE;
+ return true;
}
- return FALSE;
+ return false;
}
static const value_string ace_cond_base_vals[] = {
@@ -86,142 +86,140 @@ static const value_string ace_sra_type_vals[] = {
{ 0, NULL }
};
-static int hf_nt_sec_desc_revision = -1;
-static int hf_nt_sec_desc_type_owner_defaulted = -1;
-static int hf_nt_sec_desc_type_group_defaulted = -1;
-static int hf_nt_sec_desc_type_dacl_present = -1;
-static int hf_nt_sec_desc_type_dacl_defaulted = -1;
-static int hf_nt_sec_desc_type_sacl_present = -1;
-static int hf_nt_sec_desc_type_sacl_defaulted = -1;
-static int hf_nt_sec_desc_type_dacl_trusted = -1;
-static int hf_nt_sec_desc_type_server_security = -1;
-static int hf_nt_sec_desc_type_dacl_auto_inherit_req = -1;
-static int hf_nt_sec_desc_type_sacl_auto_inherit_req = -1;
-static int hf_nt_sec_desc_type_dacl_auto_inherited = -1;
-static int hf_nt_sec_desc_type_sacl_auto_inherited = -1;
-static int hf_nt_sec_desc_type_dacl_protected = -1;
-static int hf_nt_sec_desc_type_sacl_protected = -1;
-static int hf_nt_sec_desc_type_rm_control_valid = -1;
-static int hf_nt_sec_desc_type_self_relative = -1;
-static int hf_nt_sid = -1;
-static int hf_nt_sid_revision = -1;
-static int hf_nt_sid_num_auth = -1;
-static int hf_nt_sid_auth_dec = -1;
-static int hf_nt_sid_auth_hex = -1;
-static int hf_nt_sid_subauth = -1;
-static int hf_nt_sid_rid_dec = -1;
-static int hf_nt_sid_rid_hex = -1;
-static int hf_nt_sid_wkwn = -1;
-static int hf_nt_sid_domain = -1;
-static int hf_nt_acl_revision = -1;
-static int hf_nt_acl_size = -1;
-static int hf_nt_acl_num_aces = -1;
-static int hf_nt_ace_flags_object_inherit = -1;
-static int hf_nt_ace_flags_container_inherit = -1;
-static int hf_nt_ace_flags_non_propagate_inherit = -1;
-static int hf_nt_ace_flags_inherit_only = -1;
-static int hf_nt_ace_flags_inherited_ace = -1;
-static int hf_nt_ace_flags_successful_access = -1;
-static int hf_nt_ace_flags_failed_access = -1;
-static int hf_nt_ace_type = -1;
-static int hf_nt_ace_size = -1;
-static int hf_nt_ace_flags_object_type_present = -1;
-static int hf_nt_ace_flags_inherited_object_type_present = -1;
-static int hf_nt_ace_guid = -1;
-static int hf_nt_ace_inherited_guid = -1;
+static int hf_nt_sec_desc_revision;
+static int hf_nt_sec_desc_type_owner_defaulted;
+static int hf_nt_sec_desc_type_group_defaulted;
+static int hf_nt_sec_desc_type_dacl_present;
+static int hf_nt_sec_desc_type_dacl_defaulted;
+static int hf_nt_sec_desc_type_sacl_present;
+static int hf_nt_sec_desc_type_sacl_defaulted;
+static int hf_nt_sec_desc_type_dacl_trusted;
+static int hf_nt_sec_desc_type_server_security;
+static int hf_nt_sec_desc_type_dacl_auto_inherit_req;
+static int hf_nt_sec_desc_type_sacl_auto_inherit_req;
+static int hf_nt_sec_desc_type_dacl_auto_inherited;
+static int hf_nt_sec_desc_type_sacl_auto_inherited;
+static int hf_nt_sec_desc_type_dacl_protected;
+static int hf_nt_sec_desc_type_sacl_protected;
+static int hf_nt_sec_desc_type_rm_control_valid;
+static int hf_nt_sec_desc_type_self_relative;
+static int hf_nt_sid;
+static int hf_nt_sid_revision;
+static int hf_nt_sid_num_auth;
+static int hf_nt_sid_auth_dec;
+static int hf_nt_sid_auth_hex;
+static int hf_nt_sid_subauth;
+static int hf_nt_sid_rid_dec;
+static int hf_nt_sid_rid_hex;
+static int hf_nt_sid_wkwn;
+static int hf_nt_sid_domain;
+static int hf_nt_acl_revision;
+static int hf_nt_acl_size;
+static int hf_nt_acl_num_aces;
+static int hf_nt_ace_flags_object_inherit;
+static int hf_nt_ace_flags_container_inherit;
+static int hf_nt_ace_flags_non_propagate_inherit;
+static int hf_nt_ace_flags_inherit_only;
+static int hf_nt_ace_flags_inherited_ace;
+static int hf_nt_ace_flags_successful_access;
+static int hf_nt_ace_flags_failed_access;
+static int hf_nt_ace_type;
+static int hf_nt_ace_size;
+static int hf_nt_ace_flags_object_type_present;
+static int hf_nt_ace_flags_inherited_object_type_present;
+static int hf_nt_ace_guid;
+static int hf_nt_ace_inherited_guid;
/* Conditional ACE dissect */
-static int hf_nt_ace_cond = -1;
-static int hf_nt_ace_cond_token = -1;
-static int hf_nt_ace_cond_sign = -1;
-static int hf_nt_ace_cond_base = -1;
-static int hf_nt_ace_cond_value_int8 = -1;
-static int hf_nt_ace_cond_value_int16 = -1;
-static int hf_nt_ace_cond_value_int32 = -1;
-static int hf_nt_ace_cond_value_int64 = -1;
-static int hf_nt_ace_cond_value_string = -1;
-static int hf_nt_ace_cond_value_octet_string = -1;
-static int hf_nt_ace_cond_local_attr = -1;
-static int hf_nt_ace_cond_user_attr = -1;
-static int hf_nt_ace_cond_resource_attr = -1;
-static int hf_nt_ace_cond_device_attr = -1;
+static int hf_nt_ace_cond;
+static int hf_nt_ace_cond_token;
+static int hf_nt_ace_cond_sign;
+static int hf_nt_ace_cond_base;
+static int hf_nt_ace_cond_value_int8;
+static int hf_nt_ace_cond_value_int16;
+static int hf_nt_ace_cond_value_int32;
+static int hf_nt_ace_cond_value_int64;
+static int hf_nt_ace_cond_value_string;
+static int hf_nt_ace_cond_value_octet_string;
+static int hf_nt_ace_cond_local_attr;
+static int hf_nt_ace_cond_user_attr;
+static int hf_nt_ace_cond_resource_attr;
+static int hf_nt_ace_cond_device_attr;
/* System Resource Attribute ACE dissect */
-static int hf_nt_ace_sra = -1;
-static int hf_nt_ace_sra_name_offset = -1;
-static int hf_nt_ace_sra_name = -1;
-static int hf_nt_ace_sra_type = -1;
-static int hf_nt_ace_sra_reserved = -1;
-static int hf_nt_ace_sra_flags = -1;
-static int hf_nt_ace_sra_flags_manual = -1;
-static int hf_nt_ace_sra_flags_policy_derived = -1;
-static int hf_nt_ace_sra_flags_non_inheritable = -1;
-static int hf_nt_ace_sra_flags_case_sensitive = -1;
-static int hf_nt_ace_sra_flags_deny_only = -1;
-static int hf_nt_ace_sra_flags_disabled_by_default = -1;
-static int hf_nt_ace_sra_flags_disabled = -1;
-static int hf_nt_ace_sra_flags_mandatory = -1;
-static int hf_nt_ace_sra_value_count = -1;
-static int hf_nt_ace_sra_value_offset = -1;
-static int hf_nt_ace_sra_value_int64 = -1;
-static int hf_nt_ace_sra_value_uint64 = -1;
-static int hf_nt_ace_sra_value_string = -1;
-static int hf_nt_ace_sra_value_sid = -1;
-static int hf_nt_ace_sra_value_boolean = -1;
-static int hf_nt_ace_sra_value_octet_string = -1;
-
-static int hf_nt_security_information_sacl = -1;
-static int hf_nt_security_information_dacl = -1;
-static int hf_nt_security_information_group = -1;
-static int hf_nt_security_information_owner = -1;
+static int hf_nt_ace_sra;
+static int hf_nt_ace_sra_name_offset;
+static int hf_nt_ace_sra_name;
+static int hf_nt_ace_sra_type;
+static int hf_nt_ace_sra_reserved;
+static int hf_nt_ace_sra_flags;
+static int hf_nt_ace_sra_flags_manual;
+static int hf_nt_ace_sra_flags_policy_derived;
+static int hf_nt_ace_sra_flags_non_inheritable;
+static int hf_nt_ace_sra_flags_case_sensitive;
+static int hf_nt_ace_sra_flags_deny_only;
+static int hf_nt_ace_sra_flags_disabled_by_default;
+static int hf_nt_ace_sra_flags_disabled;
+static int hf_nt_ace_sra_flags_mandatory;
+static int hf_nt_ace_sra_value_count;
+static int hf_nt_ace_sra_value_offset;
+static int hf_nt_ace_sra_value_int64;
+static int hf_nt_ace_sra_value_uint64;
+static int hf_nt_ace_sra_value_string;
+static int hf_nt_ace_sra_value_sid;
+static int hf_nt_ace_sra_value_boolean;
+static int hf_nt_ace_sra_value_octet_string;
+
+static int hf_nt_security_information_sacl;
+static int hf_nt_security_information_dacl;
+static int hf_nt_security_information_group;
+static int hf_nt_security_information_owner;
/* Generated from convert_proto_tree_add_text.pl */
-static int hf_nt_security_information = -1;
-static int hf_nt_sec_desc_type = -1;
-static int hf_nt_offset_to_dacl = -1;
-static int hf_nt_offset_to_owner_sid = -1;
-static int hf_nt_ace_flags_object = -1;
-static int hf_nt_offset_to_group_sid = -1;
-static int hf_nt_ace_flags = -1;
-static int hf_nt_offset_to_sacl = -1;
-
-static gint ett_nt_sec_desc = -1;
-static gint ett_nt_sec_desc_type = -1;
-static gint ett_nt_sid = -1;
-static gint ett_nt_acl = -1;
-static gint ett_nt_ace = -1;
-static gint ett_nt_ace_flags = -1;
-static gint ett_nt_ace_object = -1;
-static gint ett_nt_ace_object_flags = -1;
-static gint ett_nt_security_information = -1;
-static gint ett_nt_ace_cond = -1;
-static gint ett_nt_ace_cond_data = -1;
-static gint ett_nt_ace_sra = -1;
-static gint ett_nt_ace_sra_flags = -1;
-static gint ett_nt_ace_sra_value_offsets = -1;
-static gint ett_nt_ace_sra_values = -1;
-
-static expert_field ei_nt_owner_sid_beyond_data = EI_INIT;
-static expert_field ei_nt_owner_sid_beyond_reassembled_data = EI_INIT;
-static expert_field ei_nt_ace_extends_beyond_data = EI_INIT;
-static expert_field ei_nt_ace_extends_beyond_reassembled_data = EI_INIT;
-static expert_field ei_nt_group_sid_beyond_data = EI_INIT;
-static expert_field ei_nt_group_sid_beyond_reassembled_data = EI_INIT;
-static expert_field ei_nt_item_offs_out_of_range = EI_INIT;
+static int hf_nt_security_information;
+static int hf_nt_sec_desc_type;
+static int hf_nt_offset_to_dacl;
+static int hf_nt_offset_to_owner_sid;
+static int hf_nt_ace_flags_object;
+static int hf_nt_offset_to_group_sid;
+static int hf_nt_ace_flags;
+static int hf_nt_offset_to_sacl;
+
+static int ett_nt_sec_desc;
+static int ett_nt_sec_desc_type;
+static int ett_nt_sid;
+static int ett_nt_acl;
+static int ett_nt_ace;
+static int ett_nt_ace_flags;
+static int ett_nt_ace_object;
+static int ett_nt_ace_object_flags;
+static int ett_nt_security_information;
+static int ett_nt_ace_cond;
+static int ett_nt_ace_cond_data;
+static int ett_nt_ace_sra;
+static int ett_nt_ace_sra_flags;
+static int ett_nt_ace_sra_value_offsets;
+static int ett_nt_ace_sra_values;
+
+static expert_field ei_nt_owner_sid_beyond_data;
+static expert_field ei_nt_owner_sid_beyond_reassembled_data;
+static expert_field ei_nt_ace_extends_beyond_data;
+static expert_field ei_nt_ace_extends_beyond_reassembled_data;
+static expert_field ei_nt_group_sid_beyond_data;
+static expert_field ei_nt_group_sid_beyond_reassembled_data;
+static expert_field ei_nt_item_offs_out_of_range;
/* WERR error codes */
-VALUE_STRING_ARRAY2_GLOBAL_DEF(WERR_errors); /* XXX: Remove GLOBAL_DEF once all PIDL generated dissectors
- ref WERR_errors_ext */
+VALUE_STRING_ARRAY2(WERR_errors);
value_string_ext WERR_errors_ext = VALUE_STRING_EXT_INIT(WERR_errors);
/*
* HRES error codes.
*/
-VALUE_STRING_ARRAY2_GLOBAL_DEF(HRES_errors); /* XXX: Remove GLOBAL_DEF once all PIDL generated dissectors
- ref HRES_errors_ext */
+VALUE_STRING_ARRAY2(HRES_errors);
value_string_ext HRES_errors_ext = VALUE_STRING_EXT_INIT(HRES_errors);
@@ -243,7 +241,7 @@ value_string_ext DOS_errors_ext = VALUE_STRING_EXT_INIT(DOS_errors);
*
* https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-erref/596a1078-e883-4972-9bbc-49e60bebca55
*/
-const value_string NT_errors[] = {
+static const value_string NT_errors[] = {
{ 0x00000000, "STATUS_SUCCESS" },
/*{ 0x00000000, "STATUS_WAIT_0" }, */
{ 0x00000001, "STATUS_WAIT_1" },
@@ -1077,7 +1075,7 @@ const value_string NT_errors[] = {
{ 0xC002100A, "RPC_P_SEND_FAILED" },
{ 0xC002100B, "RPC_P_TIMEOUT" },
{ 0xC002100C, "RPC_P_SERVER_TRANSPORT_ERROR" },
- { 0xC002100E, "RPC_P_EXCEPTION_OCCURED" },
+ { 0xC002100E, "RPC_P_EXCEPTION_OCCURRED" },
{ 0xC0021012, "RPC_P_CONNECTION_SHUTDOWN" },
{ 0xC0021015, "RPC_P_THREAD_LISTENING" },
{ 0xC0030001, "RPC_NT_NO_MORE_ENTRIES" },
@@ -1242,101 +1240,86 @@ value_string_ext ms_country_codes_ext = VALUE_STRING_EXT_INIT(ms_country_codes);
/*module_t* module;*/
/*pref_t* sid_display_hex;*/
-/*
- * Translate an 8-byte FILETIME value, given as the upper and lower 32 bits,
- * to an "nstime_t".
- * A FILETIME is a 64-bit integer, giving the time since Jan 1, 1601,
- * midnight "UTC", in 100ns units.
- * Return TRUE if the conversion succeeds, FALSE otherwise.
- *
- * According to the Samba code, it appears to be kludge-GMT (at least for
- * file listings). This means it's the GMT you get by taking a local time
- * and adding the server time zone offset. This is NOT the same as GMT in
- * some cases. However, we don't know the server time zone, so we don't
- * do that adjustment.
- *
- * This code is based on the Samba code:
- *
- * Unix SMB/Netbios implementation.
- * Version 1.9.
- * time handling functions
- * Copyright (C) Andrew Tridgell 1992-1998
- */
-static gboolean
-nt_time_to_nstime(guint32 filetime_high, guint32 filetime_low, nstime_t *tv, gboolean onesec_resolution)
+static proto_item *
+add_nttime(tvbuff_t *tvb, proto_tree *tree, int offset, int hf_date,
+ uint64_t filetime)
{
- guint64 d;
+ proto_item *item;
+ nstime_t ts;
- if (filetime_high == 0)
- return FALSE;
+ if (filetime == 0) {
+ ts.secs = 0;
+ ts.nsecs = 0;
+ item = proto_tree_add_time_format_value(tree, hf_date, tvb, offset, 8,
+ &ts, "No time specified (0)");
+ } else if (filetime == UINT64_C(0x8000000000000000)) {
+ ts.secs = 0;
+ ts.nsecs = 0x80000000;
+ item = proto_tree_add_time_format_value(tree, hf_date, tvb, offset, 8,
+ &ts, "Infinity (relative time)");
+ } else if (filetime == UINT64_C(0x7fffffffffffffff)) {
+ ts.secs = 0xffffffff;
+ ts.nsecs = 0x7fffffff;
+ item = proto_tree_add_time_format_value(tree, hf_date, tvb, offset, 8,
+ &ts, "Infinity (absolute time)");
+ } else {
+ if (filetime_to_nstime(&ts, filetime)) {
+ item = proto_tree_add_time(tree, hf_date, tvb,
+ offset, 8, &ts);
+ } else {
+ item = proto_tree_add_time_format_value(tree, hf_date, tvb, offset, 8,
+ &ts, "Time can't be converted");
+ }
+ }
+ return item;
+}
- d = ((guint64)filetime_high << 32) | filetime_low;
+proto_item *
+dissect_nttime(tvbuff_t *tvb, proto_tree *tree, int offset, int hf_date, const unsigned encoding)
+{
+ if (tree) {
+ uint32_t filetime_high, filetime_low;
+ uint64_t filetime;
- if (onesec_resolution) {
- d *= 10000000;
+ filetime_low = tvb_get_uint32(tvb, offset, encoding);
+ filetime_high = tvb_get_uint32(tvb, offset + 4, encoding);
+ filetime = ((uint64_t)filetime_high << 32) | filetime_low;
+ return add_nttime(tvb, tree, offset, hf_date, filetime);
}
-
- return filetime_to_nstime(tv, d);
+ return NULL;
}
-int
-dissect_nt_64bit_time_opt(tvbuff_t *tvb, proto_tree *tree, int offset, int hf_date, gboolean onesec_resolution _U_)
+proto_item *
+dissect_nttime_hyper(tvbuff_t *tvb, proto_tree *tree, int offset, int hf_date, const unsigned encoding)
{
- return dissect_nt_64bit_time_ex(tvb, tree, offset, hf_date, NULL, FALSE);
+ if (tree) {
+ uint64_t filetime;
+
+ filetime = tvb_get_uint64(tvb, offset, encoding);
+ return add_nttime(tvb, tree, offset, hf_date, filetime);
+ }
+ return NULL;
}
-int
-dissect_nt_64bit_time_ex(tvbuff_t *tvb, proto_tree *tree, int offset, int hf_date, proto_item **createdItem, gboolean onesec_resolution)
+proto_item *
+dissect_nttime_hyper_1sec(tvbuff_t *tvb, proto_tree *tree, int offset, int hf_date, const unsigned encoding)
{
- guint32 filetime_high, filetime_low;
- nstime_t ts;
-
- /* XXX there seems also to be another special time value which is fairly common :
- 0x40000000 00000000
- the meaning of this one is yet unknown
- */
if (tree) {
- proto_item *item = NULL;
- filetime_low = tvb_get_letohl(tvb, offset);
- filetime_high = tvb_get_letohl(tvb, offset + 4);
- if (filetime_low == 0 && filetime_high == 0) {
- ts.secs = 0;
- ts.nsecs = 0;
- item = proto_tree_add_time_format_value(tree, hf_date, tvb, offset, 8,
- &ts, "No time specified (0)");
- } else if(filetime_low==0 && filetime_high==0x80000000){
- ts.secs = filetime_low;
- ts.nsecs = filetime_high;
- item = proto_tree_add_time_format_value(tree, hf_date, tvb, offset, 8,
- &ts, "Infinity (relative time)");
- } else if(filetime_low==0xffffffff && filetime_high==0x7fffffff){
- ts.secs = filetime_low;
- ts.nsecs = filetime_high;
- item = proto_tree_add_time_format_value(tree, hf_date, tvb, offset, 8,
- &ts, "Infinity (absolute time)");
+ uint64_t ftsecs;
+ nstime_t ts;
+
+ ftsecs = tvb_get_uint64(tvb, offset, encoding);
+ if (filetime_1sec_to_nstime(&ts, ftsecs)) {
+ return proto_tree_add_time(tree, hf_date, tvb,
+ offset, 8, &ts);
} else {
- if (nt_time_to_nstime(filetime_high, filetime_low, &ts, onesec_resolution)) {
- proto_tree_add_time(tree, hf_date, tvb,
- offset, 8, &ts);
- } else {
- item = proto_tree_add_time_format_value(tree, hf_date, tvb, offset, 8,
- &ts, "Time can't be converted");
- }
- }
- if (createdItem != NULL)
- {
- *createdItem = item;
+ ts.secs = ftsecs;
+ ts.nsecs = 0;
+ return proto_tree_add_time_format_value(tree, hf_date, tvb, offset, 8,
+ &ts, "Time can't be converted");
}
}
-
- offset += 8;
- return offset;
-}
-
-int
-dissect_nt_64bit_time(tvbuff_t *tvb, proto_tree *tree, int offset, int hf_date)
-{
- return dissect_nt_64bit_time_opt(tvb, tree, offset, hf_date, FALSE);
+ return NULL;
}
/* Well-known SIDs defined in
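Review bot: In add_nttime(), the final `else` branch passes `&ts` to proto_tree_add_time_format_value() with "Time can't be converted" after filetime_to_nstime() has returned false, and nothing visible in this hunk writes `ts` on that path, so the item may be built from an uninitialised stack value unless filetime_to_nstime() is guaranteed to fill it on failure. dissect_nttime_hyper_1sec() in the same hunk does set `ts.secs` and `ts.nsecs` before its fallback call, so the two helpers are inconsistent. Initialising at the declaration, `nstime_t ts = NSTIME_INIT_ZERO;`, would make the fallback deterministic. Separately, the three dissect_nttime* functions return a proto_item pointer (NULL when `tree` is NULL) instead of the advanced offset, so a one-line comment stating that callers must add 8 to the offset themselves would help anyone converting the old dissect_nt_64bit_time() call sites.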
@@ -1379,14 +1362,15 @@ static const sid_strings well_known_sids[] = {
{"S-1-5-18", "Local System"},
{"S-1-5-19", "Local Service"},
{"S-1-5-20", "Network Service"},
+
+ {"S-1-5-21-0-0-0-496", "Compounded Authentication"},
+ {"S-1-5-21-0-0-0-497", "Claims Valid"},
+
/*
* S-1-5-21-<d1>-<d2>-<d3>-<RID> where "<d1>-<d2>-<d3>" is the NT domain
* RIDs are defined in 'wkwn_S_1_5_21_rids' */
{"S-1-5-21", "Domain SID"},
- {"S-1-5-21-0-0-0-496", "Compounded Authentication"},
- {"S-1-5-21-0-0-0-497", "Claims Valid"},
-
/* S-1-5-32-<RID>: Builtin local group SIDs */
{"S-1-5-32", "Local Group"},
{"S-1-5-32-544", "Administrators"},
@@ -1461,7 +1445,7 @@ match_wkwn_sids(const char* sid) {
int i = 0;
while (well_known_sids[i].name) {
if (strcmp(well_known_sids[i].sid, sid)==0) {
- return(well_known_sids[i].name);
+ return well_known_sids[i].name;
}
i++;
}
@@ -1476,6 +1460,8 @@ match_wkwn_sids(const char* sid) {
https://support.microsoft.com/en-us/help/243330/well-known-security-identifiers-in-windows-operating-systems
*/
static const value_string wkwn_S_1_5_21_rids[] = {
+ {496, "Compounded Authentication"},
+ {497, "Claims Valid"},
{498, "Enterprise Read-only Domain Controllers"},
{500, "Administrator"},
{501, "Guest"},
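Review bot: RIDs 496 and 497 are added to `wkwn_S_1_5_21_rids`, which appears to be the table for any S-1-5-21-<d1>-<d2>-<d3>-<RID> SID, while `well_known_sids` elsewhere in this diff defines them only under the fixed prefix S-1-5-21-0-0-0. If the RID lookup is applied to every domain SID, a SID from a real domain ending in -496 or -497 would be labelled "Compounded Authentication" or "Claims Valid", which could mislead someone reading access-control data from a capture. A comment on the two entries such as `/* only defined under S-1-5-21-0-0-0; see well_known_sids */` would record the restriction. The lookup code is outside this hunk, so whether it also needs a domain check cannot be confirmed from here.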
@@ -1490,6 +1476,10 @@ static const value_string wkwn_S_1_5_21_rids[] = {
{519, "Enterprise Admins"},
{520, "Group Policy Creator Owners"},
{521, "Read-only Domain Controllers"},
+ {522, "Cloneable Controllers"},
+ {525, "Protected Users"},
+ {526, "Key Admins"},
+ {527, "Enterprise Key Admins"},
{553, "RAS and IAS Servers"},
{571, "Allowed RODC Password Replication Group"},
{572, "Denied RODC Password Replication Group"},
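Review bot: The new entry `{522, "Cloneable Controllers"}` shortens the group name; Microsoft's well-known SID list calls RID 522 "Cloneable Domain Controllers", and the neighbouring entry "Read-only Domain Controllers" keeps the full form. These labels are what an analyst sees and searches for in the dissection, so I would use `{522, "Cloneable Domain Controllers"},`.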
@@ -1510,39 +1500,39 @@ dissect_nt_sid(tvbuff_t *tvb, int offset, proto_tree *parent_tree,
{
int offset_sid_start = offset, sa_offset, rid_offset=0, wkwn_sid1_len=0,
wkwn_sid2_len = 0, i;
- guint8 revision, num_auth;
- guint32 sa_field, rid=0;
- guint64 authority=0;
+ uint8_t revision, num_auth;
+ uint32_t sa_field, rid=0;
+ uint64_t authority=0;
wmem_strbuf_t *sa_str = NULL, *sid_in_dec_str = NULL, *sid_in_hex_str = NULL, *label_str = NULL,
*domain_str = NULL, *wkwn_sid1_str = NULL, *wkwn_sid2_str = NULL;
const char *mapped_name = NULL, *mapped_rid = NULL;
- gboolean domain_sid = FALSE, s_1_5_32 = FALSE, s_1_5_64 = FALSE, locally_defined = FALSE,
- S_1_16 = FALSE;
+ bool domain_sid = false, s_1_5_32 = false, s_1_5_64 = false, locally_defined = false,
+ S_1_16 = false;
proto_item *item = NULL, *hidden_item;
proto_tree *subtree = NULL;
/* Revision of SID */
- revision = tvb_get_guint8(tvb, offset);
+ revision = tvb_get_uint8(tvb, offset);
offset++;
/* Number of subauthority fields */
- num_auth = tvb_get_guint8(tvb, offset);
+ num_auth = tvb_get_uint8(tvb, offset);
offset++;
if(sid_str)
*sid_str=NULL;
- if(hf_sid==-1){
+ if(hf_sid <= 0){
/* if no tree, just return the offset of the end_of_SID+1 */
if (!parent_tree)
- return(offset+(6+(num_auth*4)));
+ return offset+(6+(num_auth*4));
hf_sid=hf_nt_sid;
}
/* Identifier Authority */
for(i=0; i<6; i++){
- authority = (authority << 8) + tvb_get_guint8(tvb, offset);
+ authority = (authority << 8) + tvb_get_uint8(tvb, offset);
offset++;
}
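Review bot: `num_auth` comes straight from the packet and is used unchecked in the tree-less early return `return offset+(6+(num_auth*4));`, although [MS-DTYP] limits a SID to 15 sub-authorities and no comparison against that limit is visible in this hunk. Flagging `num_auth > 15` with an expert info, or at least documenting that the returned offset is not validated against the buffer, would make malformed SIDs easier to spot. The rest of dissect_nt_sid lies outside the hunk, so a later check may already exist. The `hf_sid <= 0` test now treats both 0 and -1 as "use hf_nt_sid", and a function comment such as `/* hf_sid <= 0 selects the default hf_nt_sid */` would tell callers that still pass -1 that this is intended.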
@@ -1560,7 +1550,7 @@ dissect_nt_sid(tvbuff_t *tvb, int offset, proto_tree *parent_tree,
label_str = wmem_strbuf_create(wmem_packet_scope());
if (strcmp(wmem_strbuf_get_str(sid_in_dec_str), "S-1-16")==0)
- S_1_16 = TRUE;
+ S_1_16 = true;
/* Check for Scoped Policy ID (S-1-17-<subauth1>...) */
if (authority == 17) {
@@ -1629,13 +1619,13 @@ dissect_nt_sid(tvbuff_t *tvb, int offset, proto_tree *parent_tree,
/* The following three SID types have (unique) RIDs */
if (strcmp(wmem_strbuf_get_str(sid_in_dec_str), "S-1-5-21")==0) {
/* Domain SID */
- domain_sid = TRUE;
+ domain_sid = true;
} else if (strcmp(wmem_strbuf_get_str(sid_in_dec_str), "S-1-5-32")==0) {
/* Local Group (S-1-5-32) SID */
- s_1_5_32 = TRUE;
+ s_1_5_32 = true;
} else if (strcmp(wmem_strbuf_get_str(sid_in_dec_str), "S-1-5-64")==0) {
/* Authentication (S-1-5-64) SID */
- s_1_5_64 = TRUE;
+ s_1_5_64 = true;
}
}
} else if (i==2 && !domain_sid) {
@@ -1653,12 +1643,12 @@ dissect_nt_sid(tvbuff_t *tvb, int offset, proto_tree *parent_tree,
wkwn_sid2_len=16;
} else {
/* The RID not well-known. */
- locally_defined = TRUE;
+ locally_defined = true;
}
} else {
if (mapped_name) {
/* A level 1 well-known SID appended with locally defined value */
- locally_defined = TRUE;
+ locally_defined = true;
}
}
} else {
@@ -1679,7 +1669,7 @@ dissect_nt_sid(tvbuff_t *tvb, int offset, proto_tree *parent_tree,
wmem_strbuf_append_printf(label_str, "-%s", mapped_rid);
} else {
- locally_defined = TRUE;
+ locally_defined = true;
}
} else {
mapped_name = "Corrupt domain SID";
@@ -1687,7 +1677,7 @@ dissect_nt_sid(tvbuff_t *tvb, int offset, proto_tree *parent_tree,
} else {
if (mapped_name) {
/* A locally defined value appended to a level 2 well-known SID*/
- locally_defined = TRUE;
+ locally_defined = true;
}
}
}
@@ -1785,16 +1775,16 @@ dissect_nt_sid(tvbuff_t *tvb, int offset, proto_tree *parent_tree,
/* Dissect SYSTEM_RESOURCE_ATTRIBUTE_ACE Value, see [MS-DTYP] v20180912 section 2.4.4.15 */
static int
dissect_nt_ace_system_resource_attribute_value(tvbuff_t *tvb, int value_offset, proto_tree *tree,
- guint16 value_type, proto_item *sra_item)
+ uint16_t value_type, proto_item *sra_item)
{
- guint value_len;
- guint32 blob_len;
+ unsigned value_len;
+ uint32_t blob_len;
proto_item *value_item = NULL;
char *value_str = NULL; /* packet scope, do not free */
- gboolean quote = FALSE;
+ bool quote = false;
switch (value_type) {
case CLAIM_SECURITY_ATTRIBUTE_TYPE_INT64:
- value_len = sizeof(gint64);
+ value_len = sizeof(int64_t);
value_item = proto_tree_add_item(tree, hf_nt_ace_sra_value_int64,
tvb, value_offset, value_len,
ENC_LITTLE_ENDIAN);
@@ -1802,7 +1792,7 @@ dissect_nt_ace_system_resource_attribute_value(tvbuff_t *tvb, int value_offset,
break;
case CLAIM_SECURITY_ATTRIBUTE_TYPE_UINT64:
- value_len = sizeof(guint64);
+ value_len = sizeof(uint64_t);
value_item = proto_tree_add_item(tree, hf_nt_ace_sra_value_uint64,
tvb, value_offset, value_len,
ENC_LITTLE_ENDIAN);
@@ -1814,7 +1804,7 @@ dissect_nt_ace_system_resource_attribute_value(tvbuff_t *tvb, int value_offset,
value_item = proto_tree_add_item(tree, hf_nt_ace_sra_value_string,
tvb, value_offset, value_len,
ENC_UTF_16 | ENC_LITTLE_ENDIAN);
- quote = TRUE;
+ quote = true;
value_offset += value_len;
break;
@@ -1824,7 +1814,7 @@ dissect_nt_ace_system_resource_attribute_value(tvbuff_t *tvb, int value_offset,
break;
case CLAIM_SECURITY_ATTRIBUTE_TYPE_BOOLEAN:
- value_len = sizeof(guint64);
+ value_len = sizeof(uint64_t);
value_item = proto_tree_add_item(tree, hf_nt_ace_sra_value_boolean,
tvb, value_offset, value_len,
ENC_LITTLE_ENDIAN);
@@ -1867,16 +1857,16 @@ dissect_nt_ace_system_resource_attribute_value(tvbuff_t *tvb, int value_offset,
/* Dissect SYSTEM_RESOURCE_ATTRIBUTE_ACE, see [MS-DTYP] v20180912 section 2.4.4.15 */
static int
-dissect_nt_ace_system_resource_attribute(tvbuff_t *tvb, int offset, guint16 size, proto_tree *parent_tree)
+dissect_nt_ace_system_resource_attribute(tvbuff_t *tvb, int offset, uint16_t size, proto_tree *parent_tree)
{
/* The caller has already dissected Header, Mask and Sid. Therefore
this function only dissects Attribute Data. This data takes
the form of a CLAIM_SECURITY_ATTRIBUTE_RELATIVE_V1. The
following code dissects the structure piecemeal */
int start_offset = offset;
- guint32 name; /* offset, relative to start_offset */
- guint16 value_type;
- guint32 value_count;
+ uint32_t name; /* offset, relative to start_offset */
+ uint16_t value_type;
+ uint32_t value_count;
/* Add a subtree to hold the system resource attribute details */
proto_item *sra_item;
@@ -1890,7 +1880,7 @@ dissect_nt_ace_system_resource_attribute(tvbuff_t *tvb, int offset, guint16 size
tvb, offset, sizeof(name), name);
int name_offset = (start_offset + name);
- guint name_len = tvb_unicode_strsize(tvb, name_offset);
+ unsigned name_len = tvb_unicode_strsize(tvb, name_offset);
proto_item *name_item;
name_item = proto_tree_add_item(sra_tree, hf_nt_ace_sra_name,
tvb, name_offset, name_len,
@@ -1907,9 +1897,9 @@ dissect_nt_ace_system_resource_attribute(tvbuff_t *tvb, int offset, guint16 size
/* Reserved */
proto_tree_add_item(sra_tree, hf_nt_ace_sra_reserved,
- tvb, offset, sizeof(guint16),
+ tvb, offset, sizeof(uint16_t),
ENC_LITTLE_ENDIAN);
- offset += sizeof(guint16);
+ offset += sizeof(uint16_t);
/* Flags */
static int * const flags[] = {
@@ -1926,7 +1916,7 @@ dissect_nt_ace_system_resource_attribute(tvbuff_t *tvb, int offset, guint16 size
proto_tree_add_bitmask(sra_tree, tvb, offset, hf_nt_ace_sra_flags,
ett_nt_ace_sra_flags, flags, ENC_LITTLE_ENDIAN);
- offset += sizeof(guint32);
+ offset += sizeof(uint32_t);
/* ValueCount */
value_count = tvb_get_letohl(tvb, offset);
@@ -1935,7 +1925,7 @@ dissect_nt_ace_system_resource_attribute(tvbuff_t *tvb, int offset, guint16 size
offset += sizeof(value_count);
/* Value Offsets and Values */
- guint32 value_offset;
+ uint32_t value_offset;
proto_tree *value_offset_tree = sra_tree;
proto_tree *value_tree = sra_tree;
if (value_count > 1) {
@@ -1962,7 +1952,7 @@ dissect_nt_ace_system_resource_attribute(tvbuff_t *tvb, int offset, guint16 size
}
proto_item_append_text(sra_item, "{");
- for (guint32 i = 0; i < value_count; ++i) {
+ for (uint32_t i = 0; i < value_count; ++i) {
if (i) {
proto_item_append_text(sra_item, ", ");
}
@@ -1981,13 +1971,13 @@ dissect_nt_ace_system_resource_attribute(tvbuff_t *tvb, int offset, guint16 size
/* Dissect Condition ACE token, see [MS-DTYP] v20180912 section 2.4.4.17.4 */
static int
// NOLINTNEXTLINE(misc-no-recursion)
-dissect_nt_conditional_ace_token(tvbuff_t *tvb, packet_info *pinfo, int offset, guint16 size, proto_tree *parent_tree)
+dissect_nt_conditional_ace_token(tvbuff_t *tvb, packet_info *pinfo, int offset, uint16_t size, proto_tree *parent_tree)
{
int start_offset = offset;
proto_tree *tree = parent_tree;
proto_item *item = NULL;
- guint8 token = tvb_get_guint8(tvb, offset);
- guint32 len;
+ uint8_t token = tvb_get_uint8(tvb, offset);
+ uint32_t len;
item = proto_tree_add_uint(tree, hf_nt_ace_cond_token,
tvb, offset, sizeof(token), token);
@@ -2000,70 +1990,70 @@ dissect_nt_conditional_ace_token(tvbuff_t *tvb, packet_info *pinfo, int offset,
switch (token) {
case COND_ACE_TOKEN_INT8:
proto_tree_add_item(tree, hf_nt_ace_cond_value_int8,
- tvb, offset, sizeof(guint64),
+ tvb, offset, sizeof(uint64_t),
ENC_LITTLE_ENDIAN);
- offset += sizeof(guint64);
+ offset += sizeof(uint64_t);
proto_tree_add_item(tree, hf_nt_ace_cond_sign,
- tvb, offset, sizeof(guint8),
+ tvb, offset, sizeof(uint8_t),
ENC_LITTLE_ENDIAN);
- offset += sizeof(guint8);
+ offset += sizeof(uint8_t);
proto_tree_add_item(tree, hf_nt_ace_cond_base,
- tvb, offset, sizeof(guint8),
+ tvb, offset, sizeof(uint8_t),
ENC_LITTLE_ENDIAN);
- offset += sizeof(guint8);
+ offset += sizeof(uint8_t);
break;
case COND_ACE_TOKEN_INT16:
proto_tree_add_item(tree, hf_nt_ace_cond_value_int16,
- tvb, offset, sizeof(guint64),
+ tvb, offset, sizeof(uint64_t),
ENC_LITTLE_ENDIAN);
- offset += sizeof(guint64);
+ offset += sizeof(uint64_t);
proto_tree_add_item(tree, hf_nt_ace_cond_sign,
- tvb, offset, sizeof(guint8),
+ tvb, offset, sizeof(uint8_t),
ENC_LITTLE_ENDIAN);
- offset += sizeof(guint8);
+ offset += sizeof(uint8_t);
proto_tree_add_item(tree, hf_nt_ace_cond_base,
- tvb, offset, sizeof(guint8),
+ tvb, offset, sizeof(uint8_t),
ENC_LITTLE_ENDIAN);
- offset += sizeof(guint8);
+ offset += sizeof(uint8_t);
break;
case COND_ACE_TOKEN_INT32:
proto_tree_add_item(tree, hf_nt_ace_cond_value_int32,
- tvb, offset, sizeof(guint64),
+ tvb, offset, sizeof(uint64_t),
ENC_LITTLE_ENDIAN);
- offset += sizeof(guint64);
+ offset += sizeof(uint64_t);
proto_tree_add_item(tree, hf_nt_ace_cond_sign,
- tvb, offset, sizeof(guint8),
+ tvb, offset, sizeof(uint8_t),
ENC_LITTLE_ENDIAN);
- offset += sizeof(guint8);
+ offset += sizeof(uint8_t);
proto_tree_add_item(tree, hf_nt_ace_cond_base,
- tvb, offset, sizeof(guint8),
+ tvb, offset, sizeof(uint8_t),
ENC_LITTLE_ENDIAN);
- offset += sizeof(guint8);
+ offset += sizeof(uint8_t);
break;
case COND_ACE_TOKEN_INT64:
proto_tree_add_item(tree, hf_nt_ace_cond_value_int64,
- tvb, offset, sizeof(guint64),
+ tvb, offset, sizeof(uint64_t),
ENC_LITTLE_ENDIAN);
- offset += sizeof(guint64);
+ offset += sizeof(uint64_t);
proto_tree_add_item(tree, hf_nt_ace_cond_sign,
- tvb, offset, sizeof(guint8),
+ tvb, offset, sizeof(uint8_t),
ENC_LITTLE_ENDIAN);
- offset += sizeof(guint8);
+ offset += sizeof(uint8_t);
proto_tree_add_item(tree, hf_nt_ace_cond_base,
- tvb, offset, sizeof(guint8),
+ tvb, offset, sizeof(uint8_t),
ENC_LITTLE_ENDIAN);
- offset += sizeof(guint8);
+ offset += sizeof(uint8_t);
break;
case COND_ACE_TOKEN_UNICODE_STRING:
@@ -2165,14 +2155,14 @@ dissect_nt_conditional_ace_token(tvbuff_t *tvb, packet_info *pinfo, int offset,
/* Dissect Conditional ACE (if present), see [MS-DTYP] v20180912 section 2.4.4.17.4 */
static int
-dissect_nt_conditional_ace(tvbuff_t *tvb, packet_info *pinfo, int offset, guint16 size, proto_tree *parent_tree)
+dissect_nt_conditional_ace(tvbuff_t *tvb, packet_info *pinfo, int offset, uint16_t size, proto_tree *parent_tree)
{
int start_offset = offset;
/* Conditional ACE Application Data starts with "artx" */
if (size >= 4) {
- const guint32 artx = 0x78747261; /* "xtra" (LE) */
- guint32 prefix = tvb_get_letohl(tvb, offset);
+ const uint32_t artx = 0x78747261; /* "xtra" (LE) */
+ uint32_t prefix = tvb_get_letohl(tvb, offset);
offset += sizeof(prefix);
if (prefix == artx) {
@@ -2183,7 +2173,7 @@ dissect_nt_conditional_ace(tvbuff_t *tvb, packet_info *pinfo, int offset, guint1
/* Add the tokens to the subtree */
int remaining;
- while (TRUE) {
+ while (true) {
remaining = size - (offset - start_offset);
if (remaining <= 0)
break;
@@ -2199,42 +2189,42 @@ dissect_nt_conditional_ace(tvbuff_t *tvb, packet_info *pinfo, int offset, guint1
https://docs.microsoft.com/en-us/windows/win32/secauthz/access-mask-format
*/
-static gint ett_nt_access_mask = -1;
-static gint ett_nt_access_mask_generic = -1;
-static gint ett_nt_access_mask_standard = -1;
-static gint ett_nt_access_mask_specific = -1;
-
-static int hf_access_sacl = -1;
-static int hf_access_maximum_allowed = -1;
-static int hf_access_generic_read = -1;
-static int hf_access_generic_write = -1;
-static int hf_access_generic_execute = -1;
-static int hf_access_generic_all = -1;
-static int hf_access_standard_delete = -1;
-static int hf_access_standard_read_control = -1;
-static int hf_access_standard_synchronise = -1;
-static int hf_access_standard_write_dac = -1;
-static int hf_access_standard_write_owner = -1;
-static int hf_access_specific_15 = -1;
-static int hf_access_specific_14 = -1;
-static int hf_access_specific_13 = -1;
-static int hf_access_specific_12 = -1;
-static int hf_access_specific_11 = -1;
-static int hf_access_specific_10 = -1;
-static int hf_access_specific_9 = -1;
-static int hf_access_specific_8 = -1;
-static int hf_access_specific_7 = -1;
-static int hf_access_specific_6 = -1;
-static int hf_access_specific_5 = -1;
-static int hf_access_specific_4 = -1;
-static int hf_access_specific_3 = -1;
-static int hf_access_specific_2 = -1;
-static int hf_access_specific_1 = -1;
-static int hf_access_specific_0 = -1;
+static int ett_nt_access_mask;
+static int ett_nt_access_mask_generic;
+static int ett_nt_access_mask_standard;
+static int ett_nt_access_mask_specific;
+
+static int hf_access_sacl;
+static int hf_access_maximum_allowed;
+static int hf_access_generic_read;
+static int hf_access_generic_write;
+static int hf_access_generic_execute;
+static int hf_access_generic_all;
+static int hf_access_standard_delete;
+static int hf_access_standard_read_control;
+static int hf_access_standard_synchronise;
+static int hf_access_standard_write_dac;
+static int hf_access_standard_write_owner;
+static int hf_access_specific_15;
+static int hf_access_specific_14;
+static int hf_access_specific_13;
+static int hf_access_specific_12;
+static int hf_access_specific_11;
+static int hf_access_specific_10;
+static int hf_access_specific_9;
+static int hf_access_specific_8;
+static int hf_access_specific_7;
+static int hf_access_specific_6;
+static int hf_access_specific_5;
+static int hf_access_specific_4;
+static int hf_access_specific_3;
+static int hf_access_specific_2;
+static int hf_access_specific_1;
+static int hf_access_specific_0;
/* Map generic permissions to specific permissions */
-static void map_generic_access(guint32 *access_mask,
+static void map_generic_access(uint32_t *access_mask,
struct generic_mapping *mapping)
{
if (*access_mask & GENERIC_READ_ACCESS) {
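Review bot: Dropping the `= -1` initialisers is not a pure rename: these `ett_`/`hf_` ids now start at 0 instead of -1 until registration fills them in, and the same applies to `hf_nt_access_mask` in the later hunk. No comparison against -1 is visible in this hunk, but any left elsewhere in the file (for example a "was this field registered" test) would silently stop matching, so it is worth searching for them before merging. A short comment above the block would record the new convention, e.g. `/* Zero until registered; do not test these against -1. */`. The body of map_generic_access continues outside the hunk.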
@@ -2260,7 +2250,7 @@ static void map_generic_access(guint32 *access_mask,
/* Map standard permissions to specific permissions */
-static void map_standard_access(guint32 *access_mask,
+static void map_standard_access(uint32_t *access_mask,
struct standard_mapping *mapping)
{
if (*access_mask & READ_CONTROL_ACCESS) {
@@ -2278,13 +2268,13 @@ static void map_standard_access(guint32 *access_mask,
}
int
-dissect_nt_access_mask(tvbuff_t *tvb, gint offset, packet_info *pinfo,
- proto_tree *tree, dcerpc_info *di, guint8 *drep, int hfindex,
- struct access_mask_info *ami, guint32 *perms)
+dissect_nt_access_mask(tvbuff_t *tvb, int offset, packet_info *pinfo,
+ proto_tree *tree, dcerpc_info *di, uint8_t *drep, int hfindex,
+ struct access_mask_info *ami, uint32_t *perms)
{
proto_item *item;
proto_tree *subtree, *generic_tree, *standard_tree, *specific_tree;
- guint32 access;
+ uint32_t access;
static int * const generic_access_flags[] = {
&hf_access_generic_read,
@@ -2384,7 +2374,7 @@ dissect_nt_access_mask(tvbuff_t *tvb, gint offset, packet_info *pinfo,
access & SPECIFIC_RIGHTS_MASK);
if (ami && ami->specific_rights_fn) {
- guint32 mapped_access = access;
+ uint32_t mapped_access = access;
proto_tree *specific_mapped;
specific_mapped = proto_item_add_subtree(
@@ -2413,7 +2403,7 @@ dissect_nt_access_mask(tvbuff_t *tvb, gint offset, packet_info *pinfo,
return offset;
}
-static int hf_nt_access_mask = -1;
+static int hf_nt_access_mask;
#define ACL_REVISION_NT4 2
#define ACL_REVISION_ADS 4
@@ -2568,7 +2558,7 @@ dissect_nt_ace_object(tvbuff_t *tvb, int offset, proto_tree *parent_tree)
proto_item *item;
proto_tree *tree;
proto_item *flags_item;
- guint32 flags;
+ uint32_t flags;
int old_offset=offset;
const char *sep = " ";
static int * const ace_flags[] = {
@@ -2608,10 +2598,10 @@ dissect_nt_ace_object(tvbuff_t *tvb, int offset, proto_tree *parent_tree)
static int
dissect_nt_v2_ace_flags(tvbuff_t *tvb, int offset, proto_tree *parent_tree,
- guint8 *data)
+ uint8_t *data)
{
proto_item *item = NULL;
- guint8 mask;
+ uint8_t mask;
const char *sep = " ";
static int * const ace_flags[] = {
&hf_nt_ace_flags_failed_access,
@@ -2624,7 +2614,7 @@ dissect_nt_v2_ace_flags(tvbuff_t *tvb, int offset, proto_tree *parent_tree,
NULL
};
- mask = tvb_get_guint8(tvb, offset);
+ mask = tvb_get_uint8(tvb, offset);
if (data)
*data = mask;
@@ -2647,24 +2637,24 @@ dissect_nt_v2_ace_flags(tvbuff_t *tvb, int offset, proto_tree *parent_tree,
static int
dissect_nt_v2_ace(tvbuff_t *tvb, int offset, packet_info *pinfo,
- proto_tree *parent_tree, guint8 *drep,
+ proto_tree *parent_tree, uint8_t *drep,
struct access_mask_info *ami)
{
proto_item *item;
proto_tree *tree;
int old_offset = offset;
char *sid_str = NULL;
- guint16 size;
- guint16 data_size;
- guint8 type;
- guint8 flags;
- guint32 perms = 0;
+ uint16_t size;
+ uint16_t data_size;
+ uint8_t type;
+ uint8_t flags;
+ uint32_t perms = 0;
tree = proto_tree_add_subtree(parent_tree, tvb, offset, -1,
ett_nt_ace, &item, "NT ACE: ");
/* type */
- type = tvb_get_guint8(tvb, offset);
+ type = tvb_get_uint8(tvb, offset);
proto_tree_add_uint(tree, hf_nt_ace_type, tvb, offset, 1, type);
offset += 1;
@@ -2770,18 +2760,18 @@ dissect_nt_v2_ace(tvbuff_t *tvb, int offset, packet_info *pinfo,
static int
dissect_nt_acl(tvbuff_t *tvb, int offset_a, packet_info *pinfo,
- proto_tree *parent_tree, guint8 *drep, const char *name,
+ proto_tree *parent_tree, uint8_t *drep, const char *name,
struct access_mask_info *ami)
{
proto_item *item;
proto_tree *tree;
int old_offset = offset_a;
int pre_ace_offset;
- guint16 revision;
- guint32 num_aces;
+ uint16_t revision;
+ uint32_t num_aces;
volatile int offset_v = offset_a;
- volatile gboolean missing_data = FALSE;
- volatile gboolean bad_ace = FALSE;
+ volatile bool missing_data = false;
+ volatile bool bad_ace = false;
tree = proto_tree_add_subtree_format(parent_tree, tvb, offset_v, -1,
ett_nt_acl, &item, "NT %s ACL", name);
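Review bot: The `volatile` qualifiers on `offset_v`, `missing_data` and `bad_ace` carry no explanation, and after the switch to plain `bool` they look even more like leftovers that a later cleanup might remove. The CATCH blocks in the next hunk write `missing_data` and read `offset_v`, so the qualifier is presumably there to keep the values well-defined across the exception unwind. I would state that next to the declarations: `/* volatile: modified inside TRY and used in or after the CATCH blocks */`. The function body continues outside this hunk.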
@@ -2838,18 +2828,18 @@ dissect_nt_acl(tvbuff_t *tvb, int offset_a, packet_info *pinfo,
/*
* Bogus ACE, with a length < 4.
*/
- bad_ace = TRUE;
+ bad_ace = true;
}
}
CATCH(ContainedBoundsError) {
proto_tree_add_expert(tree, pinfo, &ei_nt_ace_extends_beyond_data, tvb, offset_v, 0);
- missing_data = TRUE;
+ missing_data = true;
}
CATCH(ReportedBoundsError) {
proto_tree_add_expert(tree, pinfo, &ei_nt_ace_extends_beyond_reassembled_data, tvb, offset_v, 0);
- missing_data = TRUE;
+ missing_data = true;
}
ENDTRY;
@@ -2960,7 +2950,7 @@ int
dissect_nt_security_information(tvbuff_t *tvb, int offset, proto_tree *parent_tree)
{
proto_item *item = NULL;
- guint32 mask;
+ uint32_t mask;
static int * const flags[] = {
&hf_nt_security_information_sacl,
&hf_nt_security_information_dacl,
@@ -2993,24 +2983,24 @@ dissect_nt_security_information(tvbuff_t *tvb, int offset, proto_tree *parent_tr
int
dissect_nt_sec_desc(tvbuff_t *tvb, int offset_a, packet_info *pinfo,
- proto_tree *parent_tree, guint8 *drep,
- gboolean len_supplied _U_, int len,
+ proto_tree *parent_tree, uint8_t *drep,
+ bool len_supplied _U_, int len,
struct access_mask_info *ami)
{
proto_item *item = NULL;
proto_tree * volatile tree = NULL;
- guint16 revision;
+ uint16_t revision;
int start_offset = offset_a;
volatile int offset_v=offset_a;
volatile int end_offset;
volatile int item_offset;
- guint32 owner_sid_offset;
+ uint32_t owner_sid_offset;
proto_item *it_owner_sid_offs = NULL;
- volatile guint32 group_sid_offset;
+ volatile uint32_t group_sid_offset;
proto_item * volatile it_gr_sid_offs = NULL;
- volatile guint32 sacl_offset;
+ volatile uint32_t sacl_offset;
proto_item * volatile it_sacl_offs = NULL;
- volatile guint32 dacl_offset;
+ volatile uint32_t dacl_offset;
proto_item * volatile it_dacl_offs = NULL;
tree = proto_tree_add_subtree(parent_tree, tvb, offset_v, -1,
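Review bot: The four section offsets are `uint32_t` (three of them `volatile`), while `start_offset`, `offset_v`, `end_offset` and `len` stay `int`, so adding one of them to `start_offset` can wrap to a negative position. The code that reads and uses them is outside this hunk, so it may already be range-checked there; the values are presumably taken straight from the security descriptor header and therefore attacker-controlled. A note at the declarations would keep that requirement visible: `/* wire-supplied 32-bit offsets; range-check before adding to start_offset (int) */`.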
@@ -3672,7 +3662,7 @@ proto_do_register_windows_common(int proto_smb)
{ &hf_nt_offset_to_dacl, { "Offset to DACL", "nt.offset_to_dacl", FT_UINT32, BASE_DEC, NULL, 0x0, NULL, HFILL }},
};
- static gint *ett[] = {
+ static int *ett[] = {
&ett_nt_sec_desc,
&ett_nt_sec_desc_type,
&ett_nt_sid,